CVE-2026-1922

CVE-2026-1922 : The Events Calendar Shortcode & Block plugin for WordPress contains a stored XSS vulnerability in the ecs-list-events shortcode, via the message attribute. It affects all versions up to 3.1.2 and arises from insufficient input sanitization and output escaping on user-supplied attr...

EUVD-2026-5313

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS.This issue affects The Events Calendar Shortcode & Block: from n/a through = 3.1.1...

CVE-2026-24988

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS.This issue affects The Events Calendar Shortcode & Block: from n/a through = 3.1.1...

PT-2026-6235

Name of the Vulnerable Software and Affected Versions The Events Calendar Shortcode & Block versions through 3.1.1 Description The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection ...